A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system s booting process even if the Secure Boot verification mechanism is active. An attacker could use it to plant malware known as bootkit that loads before the operating system (OS) Malware added this way is highly persistent as it survives an OS reinstall. Despite the damage it can do, the vulnerability has a severity score of 8.2 (high) because editing the configuration file requires editing the file requires administrative privileges: However, the effort is worth it for some actors.
Source: https://www.bleepingcomputer.com/news/security/boothole-grub-bootloader-bug-lets-hackers-hide-malware-in-linux-windows/